PROBLEM: Multiple vulnerabilities have been identified by Ethereal:
  - a bug in DICOM dissection
  - an invalid RTP timestamp
  - a memory access issue in the HTTP dissector
  - handling of improperly formatted SMB packets
SOFTWARE:
  Ethereal versions 0.9.0 through 0.10.7
  Debian GNU/Linux 3.0 (woody)
  Red Hat Desktop (v. 3) and (v. 4)
  Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3 and v. 4)
  Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
  SGI ProPack 3 Service Pack 3
DAMAGE: Execution of arbitrary code or a denial of service may be possible.
SOLUTION: Upgrade to version 0.10.8.
VULNERABILITY ASSESSMENT: The risk is HIGH. Ethereal is a widely used packet sniffer and must be run as root. It may be possible to run arbitrary code or cause a crash.
LINKS:
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-061.shtml
  ORIGINAL BULLETIN: http://www.ethereal.com/appnotes/enpa-sa-00016.html
  ADDITIONAL LINKS:
    Debian Security Advisory DSA-613: http://www.debian.org/security/2004/dsa-613
    Red Hat Security Advisory RHSA-2005:011-11: https://rhn.redhat.com/errata/RHSA-2005-011.html
    SGI Security Advisory Update #26, 20050202-01-U: http://www.sgi.com/support/security/advisories.html
    Red Hat Security Advisory RHSA-2005:037-11: https://rhn.redhat.com/errata/RHSA-2005-037.html
  CVE/CAN:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1139
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1140
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1141
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1142
REVISION HISTORY:
12/21/2004 - added link to updated Debian Ethereal packages available through Security Advisory DSA-613-1.
02/02/2005 - added link to updated Red Hat Ethereal packages available through Red Hat Security Advisory RHSA-2005:011-11.
02/14/2005 - added link to SGI Security Advisory Update #26, 20050202-01-U that provides a patch that includes updated SGI ProPack 3 Service Pack 3 RPMs for the SGI Altix family of systems.
02/22/2005 - added link to Red Hat RHSA-2005:307 that provides updated packages for Red Hat version 4.
[***** Start Ethereal Docid: enpa-sa-00016 *****]
Summary
Name: Multiple problems in Ethereal versions 0.9.0 to 0.10.7
Docid: enpa-sa-00016
Date: December 15, 2004
Versions affected: 0.9.0 up to and including 0.10.7
Severity: High
Details
Description:
Issues have been discovered in the following protocol dissectors:
Matthew Bing discovered a bug in DICOM dissection that could make Ethereal
crash.
Versions affected: 0.10.4 - 0.10.7
CVE: CAN-2004-1139
An invalid RTP timestamp could make Ethereal hang and create a large
temporary file, possibly filling available disk space.
Versions affected: 0.9.16 - 0.10.7
CVE: CAN-2004-1140
The HTTP dissector could access previously-freed memory, causing a crash.
Versions affected: 0.10.1 - 0.10.7
CVE: CAN-2004-1141
Brian Caswell discovered that an improperly formatted SMB packet could
make Ethereal hang, maximizing CPU utilization.
Versions affected: 0.9.0 - 0.10.7
CVE: CAN-2004-1142
Impact:
It may be possible to make Ethereal crash or run arbitrary code by
injecting a purposefully malformed packet onto the wire or by convincing
someone to read a malformed packet trace file.
Resolution:
Upgrade to 0.10.8.
If you are running a version prior to 0.10.8 and you cannot upgrade, you
can disable the HTTP, DICOM, and SMB protocol dissectors by selecting
Analyze->Enabled Protocols... and deselecting them from the list. However,
it is strongly recommended that you upgrade to 0.10.8.
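The per-issue affected ranges above differ (the DICOM issue starts at 0.10.4, the SMB issue at 0.9.0), so an installed version may be exposed to some of the four CAN identifiers but not all. The following is an added example, not part of the Ethereal advisory or the CIAC bulletin, that encodes those ranges and reports which identifiers apply to a given version and whether the upgrade or the interim dissector-disabling workaround is called for. The banner string fed to it is a constructed sample; the assumption that `ethereal -v` prints a line containing the dotted version is not something the advisory states.

```python
"""Check an Ethereal version against the affected ranges in enpa-sa-00016 (added example)."""
import re

# Inclusive affected ranges per issue, exactly as listed in the advisory.
AFFECTED_RANGES = {
    "CAN-2004-1139": ((0, 10, 4), (0, 10, 7)),   # DICOM dissector crash
    "CAN-2004-1140": ((0, 9, 16), (0, 10, 7)),   # RTP timestamp hang / temp file growth
    "CAN-2004-1141": ((0, 10, 1), (0, 10, 7)),   # HTTP dissector use of freed memory
    "CAN-2004-1142": ((0, 9, 0), (0, 10, 7)),    # SMB dissector CPU hang
}
FIXED_VERSION = (0, 10, 8)  # the release the advisory says to upgrade to

# Dissectors the advisory names as an interim workaround (Analyze->Enabled Protocols...).
WORKAROUND_DISSECTORS = ("HTTP", "DICOM", "SMB")

_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the first dotted three-part version in text as an int tuple, or None.

    Assumption (not from the advisory): `ethereal -v` output contains such a token.
    """
    match = _VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def affected_cves(version):
    """List the identifiers whose inclusive range contains version (tuple compare)."""
    return [cve for cve, (low, high) in AFFECTED_RANGES.items() if low <= version <= high]


def assess(banner):
    """Map a version banner to the applicable identifiers and the recommended action."""
    version = parse_version(banner)
    if version is None:
        return {"version": None, "cves": [], "action": "could not parse version"}
    cves = affected_cves(version)
    if version >= FIXED_VERSION:
        action = "not affected"
    elif cves:
        action = ("upgrade to 0.10.8; until then disable the %s dissectors"
                  % ", ".join(WORKAROUND_DISSECTORS))
    else:
        action = "outside the advisory's affected range"
    return {"version": version, "cves": cves, "action": action}


if __name__ == "__main__":
    # Constructed sample banners standing in for `ethereal -v` output.
    for banner in ("ethereal 0.10.7", "ethereal 0.9.16", "ethereal 0.10.8"):
        result = assess(banner)
        print(banner, "->", result["cves"], "/", result["action"])
```

Running the block prints, for the constructed 0.10.7 banner, all four identifiers and the upgrade recommendation; 0.9.16 reports only CAN-2004-1140 and CAN-2004-1142, which matches the advisory's ranges and is the reason a blanket "0.9.0 to 0.10.7" check alone understates which dissectors matter on an older install.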
Please send support questions about Ethereal to the
ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal
support questions), please send email to ethereal-web[AT]ethereal.com .
Last modified: Wed, December 15 2004.
[***** End Ethereal Docid: enpa-sa-00016 *****]
Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/